US11343108B2 - Generation of composite private keys - Google Patents
- Publication number
- US11343108B2
- Authority
- US
- United States
- Prior art keywords
- bitstream
- selector
- addressable
- puf
- stream
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/304—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy based on error correction codes, e.g. McEliece
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Definitions
- Conventional secure communication techniques involve transmitting encrypted information over a channel such as an electrical transmission line, a fiber-optic cable, or through free space using electromagnetic waves.
- Such techniques make use of cryptographic methods utilizing shared secrets (i.e., a cryptographic key) between a sender and a receiver to ensure that only the intended parties can properly encode and decode a message.
- the sender and receiver may share cryptographic tables or exchange information between them to arrive at a shared key.
- the length of the shared keys used and the number of available keys will depend upon memory limitations and/or available communications bandwidth.
- a method includes receiving an initial instruction from a remote computing device using a client computing device having an addressable cryptographic table, retrieving first and second bitstreams having different lengths from the addressable cryptographic table by deriving addresses in the addressable cryptographic table from the initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, outputting the first bit values as the first bitstream and the second bit values as the second bitstream, concatenating the first bitstream with data from the first bitstream to form a data stream having a desired length, concatenating the second bitstream with data from the second bitstream to form a selector stream having the desired length, and forming a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream by selecting values of the data stream identified by corresponding bit values of the selector stream.
- the method includes determining, as the different lengths of the first and second bitstream, two co-prime integers, and selecting a product of the different lengths as the desired length.
- the method includes selecting a permutation instruction from a set of allowed permutation instructions defined in memory of the computing device, applying one or more permutation instructions or logical operations to the selector stream to produce additional selector streams, and forming additional composite encryption keys by selecting values of the data stream identified by corresponding values of respective additional selector strings.
- applying the one or more permutation instructions or logical operations includes applying a unique permutation function that uniquely reorders values of the selector stream to produce each additional selector stream.
- retrieving the first and second bitstreams from the addressable cryptographic table comprises measuring physical characteristics of physical unclonable function (“PUF”) devices of a PUF array of the computing device at addresses in the PUF array derived from the initial instruction.
- measuring the physical characteristics of the PUF devices of the PUF array comprises repeatedly measuring each PUF device and returning values for each PUF device based on statistical characteristics of the repeated measurements of that PUF device.
- the method includes encoding into the first composite encryption key an error correction code, and executing an error correction method on the first composite encryption key using parity bits, data helpers, response based cryptographic methods, ternary cryptography, and fuzzy extractors.
- a device in an embodiment, includes a processor and a memory coupled to the processor.
- the memory stores instructions that, when executed by the processor, cause the processor to perform the steps of receiving an initial instruction from a remote computing device using a client computing device having an addressable cryptographic table, retrieving first and second bitstreams having different lengths from the addressable cryptographic table by deriving addresses in the addressable cryptographic table from the initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, outputting the first bit values as the first bitstream and the second bit values as the second bitstream, concatenating the first bitstream with data from the first bitstream to form a data stream having a desired length, concatenating the second bitstream with data from the second bitstream to form a selector stream having the desired length, and forming a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream by selecting values of the data stream identified by corresponding bit values of the selector stream.
- a device in an embodiment, includes a processor and a memory coupled to the processor.
- the memory stores instructions that, when executed by the processor, cause the processor to perform the steps of receiving an initial instruction from a remote computing device, retrieving first and second bitstreams having different lengths from an addressable cryptographic table by determining first and second bit values stored at addresses belonging to addresses derived from the initial instruction in the addressable cryptographic table, concatenating the first bitstream with data from the first bitstream to form a data stream having a desired length, concatenating the second bitstream with data from the second bitstream to form a selector stream having the desired length, and forming a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream by selecting values of the data stream identified by corresponding bit values of the selector stream.
- FIG. 1 depicts a schematic of example communication systems in which embodiments disclosed herein may be practiced.
- FIG. 2 depicts two communication systems communicating using a shared encryption key independently generated by both parties using cryptographic table data.
- FIG. 3 is a flowchart depicting an example method for generating extended-length cryptographic keys according to embodiments disclosed herein.
- FIGS. 4A-4B are illustrations of steps in the generation of an extended length cryptographic key from two shorter keys.
- FIG. 5 is a table depicting combinations of data operations used to create multiple unique composite cryptographic keys.
- FIGS. 6A-6B illustrate extension of a set of composite keys and multiple such extensions as may be generated in a multi-threaded computing system.
- FIG. 7 is a table summarizing composite key space sizes achieved using various combinations of key extension techniques disclosed herein.
- Private keys are generated using data in addressable cryptographic tables addressed using public keys.
- Extended length private keys may be derived from private keys such that the original private key space is obscured and new composite private keys do not repeat any patterns of the original private keys.
- One key is used as bit selector stream and the other key is used as a data stream to form the new composite private key.
- This invention extends the new composite private key space by the use of permutations and manipulations against the original bit selector stream. This results in no repetition across multiple composite private key spaces. Multiple composite keys can be produced from one data stream by applying permutations and other manipulations of the selector stream.
- Composite key generation performance may be optimized by using multiple ordered key pairs in parallel. This multi-threaded design improves the speed of key generation many times over by organizing the generation of composite keys around multiple key pairs in parallel.
- the composite key space is extended indefinitely by the use of key extensions as part of the encrypted payload. This has the impact of private key lengths that are as long as the data to be encrypted and decrypted.
- FIG. 1 is a schematic illustrating communications systems in which embodiments disclosed herein may be practiced.
- communication system 100 A acts as the sender (“Alice”) and communication system 100 B acts as the receiver (“Bob”).
- the communication systems 100 A/B each have respective processing circuitry 110 A/B, memory 120 A/B, communication interfaces 130 A/B, and transceivers 140 A/B. Each system sends and/or receives information via its communication interface 140 A/B.
- the communication interfaces 130 A/B are coupled to transceivers 140 A/B which send signals over a communication channel 150 .
- the processing circuitry 110 B of communication system 100 B may optionally include security circuitry 112 B, for use with certain embodiments disclosed herein.
- the memory 120 A of communication system 100 A may optionally store security data 122 A for use with certain embodiments.
- the security circuitry 112 B may include a dedicated PUF array.
- the processing circuitry 110 B may be configured to respond to an authentication challenge which specifies an address (or range of addresses) in the PUF array and a set of operations to perform in order to generate a unique response to the authentication challenge.
- Such embodiments may be designed to communicate with embodiments of communication system 100 A configured to store security data 122 A in the memory 120 A.
- the processing circuitry 110 A is configured to generate authentication challenges and receive responses to those challenges. The responses and challenges may be saved as part of the security data 122 A.
- processing circuitry 110 A may be further configured to send randomly-selected challenges to embodiments of communication system 100 B having security circuitry 112 B.
- transmitting the challenges to communication system 100 B allows communication systems 100 A and 100 B to agree upon the challenge responses as shared encryption keys without requiring information which might compromise the secrecy of those keys to be transmitted, as described below.
- FIG. 2 illustrates an environment in which two parties, “Alice” ( 210 A) and “Bob” ( 210 B) communicate in order to agree upon a shared key.
- “Alice” and “Bob” each have access to respective cryptographic tables 210 A,B.
- the cryptographic tables store ternary data.
- “Alice” may generate a public key 220 (or a datastream from which the public key 220 may be extracted) and transmit that public key 220 to Bob. Alice and Bob can both use the public key 220 to access their respective cryptographic tables.
- the public key 220 may be used to generate a message digest using a hash function 212 .
- the output of the hash function 212 may be used as an address 205 A,B (or range of addresses) that identifies values stored in the respective cryptographic tables 210 A,B.
- the public key 220 may be combined with a password (such as one or both of the passwords 222 A,B) or other token.
- the password may be shared by the two parties, or each party may use a unique password.
- the address spaces of each of the cryptographic tables 210 A,B may be configured such that the combination of the same public key 220 with the password of each party indexes the same data.
- the functionality of the cryptographic tables 210 A,B may be realized by one party (e.g., “Bob”) having an array of physical unclonable function (PUF) devices (a “PUF array”) and another party (e.g., “Alice”) having access to information characterizing the PUF array.
- a PUF array may be any array of devices having unique physical characteristics which may be used to identify a user or device in possession of the array.
- unique PUF arrays may be produced using known semiconductor or other mass production techniques with sufficient variability such that it is highly improbable that any two arrays produced using the same process will possess indistinguishable physical characteristics.
- Non-limiting examples of such characteristics are time delays of transistor-based ring oscillators and transistor threshold voltages.
- Other non-limiting examples include optical devices.
- Bob may possess an optical PUF device which, when illuminated by a light source such as a laser produces a unique image due to minute manufacturing variations. This image may be digitized and the pixels may be used to form an addressable PUF array.
- Another example is an array of SRAM cells each of which will “default” to storing a ‘0’ or a ‘1’.
- the measured characteristics of a PUF array may not be perfectly deterministic due to aging, thermal drift, or other causes.
- some of the SRAM cells in an SRAM-based array may always store a ‘0’ or ‘1’ after a power cycle while others may oscillate between states.
- Non-deterministic devices may be dealt with in a number of ways. As one example, a system may repeatedly measure each device either before or in response to an attempt to read values of the devices. Devices whose measurements vary more than a threshold may be excluded and the system may store (or receive) instruction for substituting measurements of other devices in place of the “unreliable” devices. In other schemes, PUF devices may be measured repeatedly and assigned values based on statistical characteristics.
- devices that store a ‘0’ more than a certain percentage of the time may be assigned a ‘0’ value and devices that store ‘1’ more than a certain percentage of the time may be assigned a ‘1’ value.
- devices that store a ‘0’ or ‘1’ may be assigned a third value as part of a ternary scheme in which reliable devices are assigned a ‘0’ or a ‘1’ while “unreliable” devices are assigned a third value. This concept may be extended to quaternary and other number systems.
- a device having a PUF array with potentially unreliable devices may store or otherwise receive error correction information such as parity and/or checksum data and may employ suitable error-correcting codes and other error-correction techniques.
- error correction methods may be performed on the composite encryption key using parity bits, data helpers, response based cryptographic methods, ternary cryptography, and fuzzy extractors.
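The table lookup and the ternary treatment of unreliable PUF cells described above, as an added example that is not code from the patent. The cell model, the HMAC-SHA-256 counter-mode address derivation, the helper mask handed to Bob, and all keys and passwords are constructed assumptions.

```python
import hashlib
import hmac

UNRELIABLE = "X"   # third value of the ternary scheme
TABLE_SIZE = 256   # constructed array size


def constructed_cell_read(cell, trial):
    """Constructed stand-in for one power-up reading of one PUF cell."""
    seed = hashlib.sha256(b"constructed-puf" + cell.to_bytes(4, "big")).digest()[0]
    if seed % 4 == 0:                            # roughly a quarter of cells are metastable
        return trial % 2
    flip = 1 if (cell + trial) % 11 == 0 else 0  # rare noise on an otherwise stable cell
    return (seed >> 7) ^ flip


def enroll(readings, threshold=0.85):
    """Map the repeated readings of each cell to 0, 1 or UNRELIABLE."""
    table = []
    for samples in readings:
        ones = sum(samples) / len(samples)
        if ones >= threshold:
            table.append(1)
        elif ones <= 1 - threshold:
            table.append(0)
        else:
            table.append(UNRELIABLE)
    return table


def address_stream(public_key, password, table_size):
    """Yield table addresses derived from the public key and a password.

    Assumption: HMAC-SHA-256 in counter mode. The text only says that a hash
    of the public key, optionally combined with a password, gives the address.
    """
    counter = 0
    while True:
        mac = hmac.new(password, public_key + counter.to_bytes(4, "big"), hashlib.sha256)
        yield int.from_bytes(mac.digest()[:8], "big") % table_size
        counter += 1


def read_bitstream(public_key, password, length, mask, read_bit):
    """Collect `length` bits at derived addresses, skipping masked cells."""
    stream = address_stream(public_key, password, len(mask))
    bits = []
    while len(bits) < length:
        addr = next(stream)
        if not mask[addr]:                       # unreliable cell: move to the next address
            bits.append(read_bit(addr))
    return bits


def majority_read(cell, first_trial=100, reads=9):
    """Bob's side: re-measure a cell several times and take the majority."""
    ones = sum(constructed_cell_read(cell, first_trial + t) for t in range(reads))
    return 1 if 2 * ones > reads else 0


def demo(password=b"constructed password"):
    # Enrollment: 22 readings per cell give the ternary table that Alice keeps.
    readings = [[constructed_cell_read(c, t) for t in range(22)] for c in range(TABLE_SIZE)]
    table = enroll(readings)
    mask = [value == UNRELIABLE for value in table]   # helper data: positions only, no bit values
    result = {}
    # Two public keys give two bitstreams of different (co-prime) lengths.
    for public_key, length in ((b"constructed public key 1", 13),
                               (b"constructed public key 2", 17)):
        alice = read_bitstream(public_key, password, length, mask, lambda a: table[a])
        bob = read_bitstream(public_key, password, length, mask, majority_read)
        result[length] = (alice, bob)
    return result


if __name__ == "__main__":
    for length, (alice, bob) in demo().items():
        print(length, alice == bob, "".join(map(str, alice)))
```

Alice reads her enrolled table while Bob re-measures the simulated array, and both arrive at the same bitstreams because the metastable cells are skipped and the occasional flip on a stable cell is outvoted.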
- FIG. 3 is a flowchart illustrating an example process 300 for generating one or more extended length keys according to embodiments herein. Two communicating parties may use a process such as the process 300 to independently generate one or more variable-length extended keys upon sharing a message (e.g., the public key 220 ) between them.
- FIG. 3 is a flowchart depicting an example method 300 for generating extended-length cryptographic keys according to embodiments disclosed herein.
- Method 300 may be implemented by any suitable devices including appropriate combinations of processors, memory and other hardware components (e.g., PUF arrays).
- an initial instruction is received from a remote computing device using a client computing device having an addressable cryptographic table and in step 304 first and second bitstreams having different lengths are retrieved from the addressable cryptographic table by deriving addresses in the addressable cryptographic table from the initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, and outputting the first bit values as the first bitstream and the second bit values as the second bitstream.
- In step 306 the first bitstream is concatenated with data from the first bitstream to form a data stream having a desired length and in step 308 the second bitstream is concatenated with data from the second bitstream to form a selector stream having the desired length.
- In step 310 a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream is formed by selecting values of the data stream identified by corresponding bit values of the selector stream.
- a composite key generation method begins with two private keys that are on average 21.3 KB long. These private keys are unique and are generated using two unique public keys (e.g., two public keys 220 ) to retrieve values from a cryptographic table (e.g., a cryptographic table 210 ).
- the composite key generation process requires the steps comprising: At a minimum, two or more unique private keys, denoted as K 1 , K 2 , . . . , K N , with respective lengths of L 1 , L 2 , . . . , L N bytes are selected. Each of the private keys must have different lengths wherein L 1 ≠ L 2 ≠ . . .
- each of the private keys are based upon a randomly-selected public key, there will be no repeating predictable data patterns.
- the keys may also be derived from other cryptographic keys.
- a first private key (e.g., K 1 ) is chosen as a “selector” stream.
- the selector stream is formed by concatenating K 1 with itself for L 2 times, and will be denoted S 1 .
- another private key is chosen (e.g., K 2 ) that is defined as the data stream.
- the data stream is formed by concatenating K 2 with itself for L 1 times and is denoted as D 1 .
- lengths L 1 and L 2 are typically selected to be prime numbers where L 1 ≠ L 2 .
- the relative byte offset in each K 1 and K 2 are uniquely paired such that no same offset pairs will repeat during the scope of the S 1 and D 1 byte alignments. This will result in a composite bit stream with no repeating data patterns due to repeated byte pairings from the respective K 1 and K 2 .
- FIG. 4B illustrates formation of the composite key by indexing the aligned selector and data streams.
- the locations of individual selector bits that equal ‘1’ form a mask that may be used to select corresponding bits from the data stream and where individual selector bits that equal 0 ignore bits from data stream.
- An alternate bit selection method may be implemented by forming N-bit groups of the selector and performing a mod 2 calculation where a ‘1’ value selects the corresponding group of N-bit groups of the data, and a result of 0 ignores the data.
- the arguments are an ordered pair (S 1 , D 1 ), and when they are reversed, this results in the generation of a completely different composite key by
- C 2 = generateComposite(D 1 , S 1 ).
- the composite key length will be L 1 × L 2 × 50%.
- the 50% comes from the usage of selector streams with a uniform random distribution of ‘1’ values.
- the select modifiers uniquely extend the composite private keys, wherein each of the new composite key derivatives greatly expands the total composite key space. There are two distinct forms of select modifications: the permutation modifiers and the XOR modifiers.
- Additional composite keys may be created by permuting values of the selector stream.
- a set of permutation operations may be defined and a system may store (or receive) instructions that determine which permutations to apply, in which order such that two communicating parties can independently generate the same additional selectors and thus generate identical sets of additional composite keys.
- p k where k ≥ 0.
- p 0 also referred to as the pass-through
- p 0 [12345678] = 12345678.
- p 0 [0b11110000] = 0b11110000.
- p 1 [0b101010] = 0b01010101.
- p 2 [0b00111100] = 0b11000011.
- Bit-rotate permutations are functions denoted as b k where k>0 and # ⁇ 8.
- b 0 [0b10110010] = 0b10110010.
- b 1 [12345678] = 23456781.
- b 1 (0b10110010) = 0b01100101.
- b 2 [12345678] = 34567812.
- b 2 [0b10110010] = 0b11001010.
- permutation function maps 1-byte (8-bits) → 1-byte (8-bits).
- XOR functions are manipulation functions, denoted as x k where k ≥ 0.
- the XOR function is denoted by the ^ bit operator.
- x 1 [bits] = bits ^ 0b11111111.
- x 2 [bits] = bits ^ 0b11011101.
- the set of basic permutation functions {p, b} may be combined with XOR-based manipulations.
- the composite key generation process continues in a very ordered manner, as shown in FIG. 5 , with very specific selector manipulation sequences for each byte in the base selector stream.
- the final composite key correspondingly grows by concatenate(C 0 , C 1 , . . . , C N ).
- the maximum composite key space length is up to 224.37 MB × 51,200 ≈ 10.96 TB for a single private key pair (e.g., K 1 , K 2 ).
- these permutation functions map 1-byte (8-bits) at the input → 1-byte (8-bits) at the output.
- the permutation mappings may be extended to include other input output mappings, like using adjacent bytes as inputs.
- example mappings include: 2-byte (16-bits) → 1-byte (8-bits) permutations. For example, where the previous byte bit positions ‘abcdefgh’ and the current byte bit positions ‘12345678’, then a new byte of ‘b2d4f6h8’ can be formed.
- the composite key length can be doubled by generating both concatenate(C 1 , C 2 ). This results in 2 × 10.96 TB ≈ 21.92 TB of total composite key space using just two unique K 1 and K 2 values.
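The selector/data construction and the b k and x k selector modifiers described above, worked through on small keys as an added example that is not code from the patent. K1, K2 and SCHEDULE are constructed, x 0 as a pass-through and the schedule order are assumptions standing in for FIG. 5, and p 1 and p 2 are left out because the text gives no position map for them.

```python
from math import gcd

# x_1 and x_2 are the masks given in the text; x_0 as pass-through is an assumption.
XOR_MASKS = {0: 0b00000000, 1: 0b11111111, 2: 0b11011101}


def rotate_left(byte, k):
    """b_k: rotate an 8-bit value left by k positions (b_1[12345678] = 23456781)."""
    k %= 8
    return ((byte << k) | (byte >> (8 - k))) & 0xFF


def modify_selector(byte, rot=0, xor=0):
    """Apply b_rot[p_0[x_xor[byte]]]; only the pass-through p_0 is modelled."""
    return rotate_left(byte ^ XOR_MASKS[xor], rot)


def select_bits(selector_byte, data_byte):
    """Keep the data bits (MSB first) whose selector bit is 1."""
    return [(data_byte >> pos) & 1
            for pos in range(7, -1, -1) if (selector_byte >> pos) & 1]


def offset_pairs_unique(l1, l2):
    """True when every (K1 offset, K2 offset) pairing occurs once over l1*l2 bytes."""
    pairs = {(i % l1, i % l2) for i in range(l1 * l2)}
    return len(pairs) == l1 * l2


def generate_composite(selector_key, data_key, rot=0, xor=0):
    """Form one composite key, as a list of bits, from an ordered key pair."""
    l1, l2 = len(selector_key), len(data_key)
    if gcd(l1, l2) != 1:
        raise ValueError("key lengths must be co-prime")
    composite = []
    # Indexing modulo the key length is the same as aligning S1 (K1 repeated
    # l2 times) with D1 (K2 repeated l1 times) without materialising them.
    for i in range(l1 * l2):
        s = modify_selector(selector_key[i % l1], rot, xor)
        composite.extend(select_bits(s, data_key[i % l2]))
    return composite


def extended_composite(selector_key, data_key, schedule):
    """concatenate(C_0, C_1, ..., C_N) over an agreed list of (rot, xor) modifiers."""
    out = []
    for rot, xor in schedule:
        out.extend(generate_composite(selector_key, data_key, rot, xor))
    return out


def pack(bits):
    """Pack a bit list into bytes, zero-padding the final byte."""
    padded = bits + [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))


# Constructed sample keys with co-prime lengths 3 and 5.
K1 = bytes([0b11110000, 0b10101010, 0b00001111])
K2 = bytes([0x0F, 0x33, 0x55, 0xFF, 0x01])
# Hypothetical modifier order; both parties must apply the same one.
SCHEDULE = [(0, 0), (1, 0), (2, 0), (0, 1), (0, 2)]

if __name__ == "__main__":
    c1 = generate_composite(K1, K2)      # K1 as selector, K2 as data
    c2 = generate_composite(K2, K1)      # reversed ordered pair
    print(len(c1), pack(c1).hex())
    print(len(c2), pack(c2).hex())
    print(len(extended_composite(K1, K2, SCHEDULE)))
```

Every composite here is a deterministic function of K1, K2 and the modifier schedule, so the output grows in length while its secrecy still rests on those inputs.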
- each of the public keys must be defined upfront.
- the number of public keys is set depending upon the desired total composite private key space and/or the amount of parallel ordered key pair generation worker threads, as discussed in more detail below.
- the storage and communication of the public keys is largely dependent upon the use case.
- the two systems i.e., the sender and receiver
- they may each have separately secured identical cryptographic tables and passwords, and they communicate an initial set of public keys and the encrypted file.
- the initial key exchange will be referenced as ‘KeySet 1 ’.
- the XOR encrypted data will be organized in logical “data blocks.”
- the size of the data blocks is implementation dependent. One possible implementation is to arrange the data blocks around the indices of the b N [p N [x N [selByte] ] ] calls that were described previously. The significance of these data blocks is that they will be used during the key extension process.
- a creative way of generating the key space faster is to implement a threading algorithm that generates the composite key space in parallel.
- One such innovative threading algorithm is to organize the processing of ordered key pairs into separate threads.
- FIG. 6B shows an example, where there are 3 unique keys K 1 , K 2 , and K 3 and several ordered key pair threads are formed.
- Each of the worker threads above creates blocks of unique key space that are created in parallel.
- a key consumer thread is defined (not shown) that is either performing encryption or decryption.
- the key consumer thread absorbs the blocks of unique key space in block sequential order. This allows the overall rate of encryption/decryption to run many times faster.
- FIG. 7 summarizes the available composite key space as additional keys are generated as described above for an example where the first selector and the first datastream each have a length of 448.7 MB, (their respective lengths being 21,701 and 21,683). Two 224.3 MB composite keys may be generated. These two keys may be concatenated to form a composite key space of 448.7 MB.
- FIG. 7 shows the key spaces achieved with various schemes disclosed herein enabling larger and larger composite key spaces.
- D 1 by concatenating K 2 with itself q 1 times, so that the data stream D 1 has a total length of q 1 × q 2 bytes.
- the streams S 1 and D 1 are aligned such that they are both indexed by the integer i offset, where 0 ≤ i < q 1 × q 2 .
- a method includes receiving an initial instruction from a remote computing device using a client computing device having an addressable cryptographic table, retrieving first and second bitstreams having different lengths from the addressable cryptographic table by deriving addresses in the addressable cryptographic table from the initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, outputting the first bit values as the first bitstream and the second bit values as the second bitstream, concatenating the first bitstream with data from the first bitstream to form a data stream having a desired length, concatenating the second bitstream with data from the second bitstream to form a selector stream having the desired length, and forming a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream by selecting values of the data stream identified by corresponding bit values of the selector stream.
- the method includes determining, as the different lengths of the first and second bitstream, two co-prime integers, and selecting a product of the different lengths as the desired length.
- the method includes selecting a permutation instruction from a set of allowed permutation instructions defined in memory of the computing device, applying one or more permutation instructions or logical operations to the selector stream to produce additional selector streams, and forming additional composite encryption keys by selecting values of the data stream identified by corresponding values of respective additional selector strings.
- applying the one or more permutation instructions or logical operations includes applying a unique permutation function that uniquely reorders values of the selector stream to produce each additional selector stream.
- retrieving the first and second bitstreams from the addressable cryptographic table comprises measuring physical characteristics of physical unclonable function (“PUF”) devices of a PUF array of the computing device at addresses in the PUF array derived from the initial instruction.
- measuring the physical characteristics of the PUF devices of the PUF array comprises repeatedly measuring each PUF device and returning values for each PUF device based on statistical characteristics of the repeated measurements of that PUF device.
- the method includes encoding into the first composite encryption key an error correction code, and executing an error correction method on the first composite encryption key using parity bits, data helpers, response based cryptographic methods, ternary cryptography, and fuzzy extractors.
- In an embodiment, a device includes a processor and a memory coupled to the processor.
- The memory stores instructions that, when executed by the processor, cause the processor to perform the steps of receiving an initial instruction from a remote computing device using a client computing device having an addressable cryptographic table, retrieving first and second bitstreams having different lengths from the addressable cryptographic table by deriving addresses in the addressable cryptographic table from the initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, outputting the first bit values as the first bitstream and the second bit values as the second bitstream, concatenating the first bitstream with data from the first bitstream to form a data stream having a desired length, concatenating the second bitstream with data from the second bitstream to form a selector stream having the desired length, and forming a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream by selecting values of the data stream identified by corresponding bit values of the selector stream.
- In an embodiment, a device includes a processor and a memory coupled to the processor.
- The memory stores instructions that, when executed by the processor, cause the processor to perform the steps of receiving an initial instruction from a remote computing device, retrieving first and second bitstreams having different lengths from an addressable cryptographic table by determining first and second bit values stored at addresses belonging to addresses derived from the initial instruction in the addressable cryptographic table, concatenating the first bitstream with data from the first bitstream to form a data stream having a desired length, concatenating the second bitstream with data from the second bitstream to form a selector stream having the desired length, and forming a first composite encryption key having a length longer than a length of the first bitstream and the second bitstream by selecting values of the data stream identified by corresponding bit values of the selector stream.
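The device embodiments above describe one pipeline: derive addresses from the instruction, read two bitstreams of different lengths, extend each by self-concatenation, and select data-stream values with the selector stream. The sketch below is an added illustration, not code from the patent; the SHA-256 address derivation, the "keep the data bit when the selector bit is 1" rule, the hash-filled table and all function names are assumptions.

```python
import hashlib
from math import gcd

def make_table(seed, size):
    """Constructed stand-in for the addressable table: one bit per address."""
    bits, counter = [], 0
    while len(bits) < size:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        bits.extend((byte >> k) & 1 for byte in block for k in range(8))
        counter += 1
    return bits[:size]

def derive_addresses(instruction, label, count, table_size):
    """Assumed rule: address i = SHA-256(label || instruction || i) mod table size."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(label + instruction + i.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(digest, "big") % table_size)
    return out

def extend(bits, length):
    """Concatenate a bitstream with its own data until it has `length` bits."""
    if not bits:
        raise ValueError("empty bitstream")
    return (bits * (-(-length // len(bits))))[:length]

def composite_key(first, second, length):
    """Assumed selection rule: keep data bit i when selector bit i is 1."""
    if len(first) == len(second):
        raise ValueError("the two bitstreams must have different lengths")
    data, selector = extend(first, length), extend(second, length)
    return [d for d, s in zip(data, selector) if s == 1]

def stream_period(first_len, second_len):
    """(data, selector) pairs repeat every lcm(first_len, second_len) positions."""
    return first_len * second_len // gcd(first_len, second_len)

def key_from_instruction(table, instruction, first_len, second_len, length):
    """End to end: instruction -> addresses -> two bitstreams -> composite key."""
    size = len(table)
    first = [table[a] for a in derive_addresses(instruction, b"data", first_len, size)]
    second = [table[a] for a in derive_addresses(instruction, b"selector", second_len, size)]
    return composite_key(first, second, length)

if __name__ == "__main__":
    table = make_table(b"constructed-demo-table", 1024)  # constructed sample table
    key = key_from_instruction(table, b"constructed-instruction", 11, 13, 143)
    print(len(key), "".join(map(str, key)))
    # Small case that can be checked by hand: data 101, selector 1101, 12 positions
    print(composite_key([1, 0, 1], [1, 1, 0, 1], 12))
```

Because the key is a deterministic function of the two retrieved bitstreams, it carries at most `first_len + second_len` bits of entropy however long it is, and under the assumed rule the output repeats once `length` exceeds `stream_period(first_len, second_len)`.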
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/900,671 US11343108B2 (en) | 2019-06-12 | 2020-06-12 | Generation of composite private keys |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962860474P | 2019-06-12 | 2019-06-12 | |
US16/900,671 US11343108B2 (en) | 2019-06-12 | 2020-06-12 | Generation of composite private keys |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200396091A1 (en) | 2020-12-17 |
US11343108B2 (en) | 2022-05-24 |
Family
ID=73744765
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/900,671 Active 2040-10-30 US11343108B2 (en) | 2019-06-12 | 2020-06-12 | Generation of composite private keys |
Country Status (1)
Country | Link |
---|---|
US (1) | US11343108B2 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230188338A1 (en) * | 2021-12-10 | 2023-06-15 | Amazon Technologies, Inc. | Limiting use of encryption keys in an integrated circuit device |
Patent Citations (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5434917A (en) | 1993-10-13 | 1995-07-18 | Thomson Consumer Electronics S.A. | Unforgeable identification device, identification device reader and method of identification |
US20030210783A1 (en) * | 2000-07-27 | 2003-11-13 | Ross Filippi | Method and system of encryption |
US20080044027A1 (en) | 2003-10-29 | 2008-02-21 | Koninklijke Philips Electrnics, N.V. | System and Method of Reliable Foward Secret Key Sharing with Physical Random Functions |
US20160042628A1 (en) | 2006-06-19 | 2016-02-11 | Rezia Fatima Begum Roston | Childcare tracking systems and method |
US20110103161A1 (en) * | 2008-04-17 | 2011-05-05 | Tuyls Pim T | Method of reducing the occurrence of burn-in due to negative bias temperature instability |
US20120128151A1 (en) * | 2009-08-07 | 2012-05-24 | Dolby International Ab | Authentication of Data Streams |
US8300450B2 (en) | 2010-11-03 | 2012-10-30 | International Business Machines Corporation | Implementing physically unclonable function (PUF) utilizing EDRAM memory cell capacitance variation |
US20120131340A1 (en) * | 2010-11-19 | 2012-05-24 | Philippe Teuwen | Enrollment of Physically Unclonable Functions |
US20120183135A1 (en) | 2011-01-19 | 2012-07-19 | Verayo, Inc. | Reliable puf value generation by pattern matching |
US20120265928A1 (en) | 2011-04-15 | 2012-10-18 | Kui-Yon Mun | Non-volatile memory devices, methods of operating non-volatile memory devices, and systems including the same |
US20130156183A1 (en) * | 2011-12-16 | 2013-06-20 | Yuichi Komano | Encryption key generating apparatus and computer program product |
US20140093074A1 (en) * | 2012-09-28 | 2014-04-03 | Kevin C. Gotze | Secure provisioning of secret keys during integrated circuit manufacturing |
US20150234751A1 (en) * | 2012-10-04 | 2015-08-20 | Intrinsic Id B.V. | System for generating a cryptographic key from a memory used as a physically unclonable function |
US20150007337A1 (en) | 2013-07-01 | 2015-01-01 | Christian Krutzik | Solid State Drive Physical Uncloneable Function Erase Verification Device and Method |
US20150071432A1 (en) | 2013-09-09 | 2015-03-12 | Qualcomm Incorporated | Physically unclonable function based on resistivity of magnetoresistive random-access memory magnetic tunnel junctions |
US20150195088A1 (en) | 2014-01-03 | 2015-07-09 | William Marsh Rice University | PUF Authentication and Key-Exchange by Substring Matching |
WO2015105687A1 (en) | 2014-01-08 | 2015-07-16 | Stc.Unm | Systems and methods for generating physically unclonable functions from non-volatile memory cells |
US20160078252A1 (en) * | 2014-09-15 | 2016-03-17 | Arm Limited | Address dependent data encryption |
US20170017808A1 (en) * | 2015-07-13 | 2017-01-19 | Texas Instruments Incorporated | Sram timing-based physically unclonable function |
US20170046129A1 (en) * | 2015-08-13 | 2017-02-16 | Arizona Board Of Regents Acting For And On Behalf | Random Number Generating Systems and Related Methods |
US20180329962A1 (en) * | 2015-11-20 | 2018-11-15 | Intrinsic Id B.V. | An assigning device |
US20180176012A1 (en) * | 2016-08-04 | 2018-06-21 | Macronix International Co., Ltd. | Unchangeable physical unclonable function in non-volatile memory |
US20180278418A1 (en) * | 2016-08-04 | 2018-09-27 | Macronix International Co., Ltd. | Physical unclonable function for security key |
US20180129801A1 (en) * | 2016-11-09 | 2018-05-10 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Puf-based password generation scheme |
US10320573B2 (en) * | 2016-11-09 | 2019-06-11 | Arizona Board Of Regents On Behalf Of Northern Arizona University | PUF-based password generation scheme |
US20180145838A1 (en) * | 2016-11-18 | 2018-05-24 | Qualcomm Incorporated | Message-based key generation using physical unclonable function (puf) |
US20190165956A1 (en) * | 2017-11-29 | 2019-05-30 | Taiwan Semiconductor Manufacturing Company, Ltd. | Physical unclonable function (puf) security key generation |
WO2019140218A1 (en) * | 2018-01-12 | 2019-07-18 | Stc.Unm | An autonomous, self-authenticating and self-contained secure boot-up system and methods |
US20190280858A1 (en) * | 2018-03-09 | 2019-09-12 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Key exchange schemes with addressable elements |
US20210281432A1 (en) * | 2019-03-13 | 2021-09-09 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Physical unclonable function-based encryption schemes with combination of hashing methods |
US20200382293A1 (en) * | 2019-05-29 | 2020-12-03 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Quantum ternary key distribution |
US20210399905A1 (en) * | 2020-06-23 | 2021-12-23 | Samsung Electronics Co., Ltd. | Integrated circuit for physically unclonable function and method of operating the same |
Also Published As
Publication number | Publication date |
---|---|
US20200396091A1 (en) | 2020-12-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11991275B2 (en) | System and method for quantum-safe authentication, encryption and decryption of information | |
US11736460B2 (en) | Encryption schemes with addressable elements | |
US9001998B2 (en) | Data encryption and decryption method and apparatus | |
US8194858B2 (en) | Chaotic cipher system and method for secure communication | |
CN106656475B (en) | Novel symmetric key encryption method for high-speed encryption | |
JP5167374B2 (en) | Data encryption device and memory card | |
US20190207758A1 (en) | Generation of keys of variable length from cryptographic tables | |
EP3157225B1 (en) | Encrypted ccnx | |
US11283633B2 (en) | PUF-based key generation for cryptographic schemes | |
US8942373B2 (en) | Data encryption and decryption method and apparatus | |
US10992463B2 (en) | Communication over quantum channels with enhanced performance and security | |
US11233662B2 (en) | Keyless encrypting schemes using physical unclonable function devices | |
WO2003019842A2 (en) | Stream cipher, hash, and pseudo-random number generator | |
US11496326B2 (en) | Physical unclonable function-based encryption schemes with combination of hashing methods | |
TWI673992B (en) | Entwined encryption and error correction | |
US11936782B2 (en) | Secure multi-state quantum key distribution with wavelength division multiplexing | |
US20230386541A1 (en) | Puf applications in memories | |
US11343108B2 (en) | Generation of composite private keys | |
US9152801B2 (en) | Cryptographic system of symmetric-key encryption using large permutation vector keys | |
US11799674B2 (en) | Error correcting schemes for keyless encryption | |
Bhat et al. | Information Security using Adaptive Multidimensional Playfair Cipher. | |
KR20220137024A (en) | Symmetric Asynchronous Generation Encryption Method | |
JP2015050708A (en) | Dynamic encryption key generation system | |
CN114745118A (en) | Key searching method based on hash table index and computer readable storage medium | |
KR100317250B1 (en) | Method of Cryptographing Data |
Legal Events
Code | Title | Description |
---|---|---|
FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
AS | Assignment | Owner name: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY, ARIZONA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BOOHER, DENNIS D;CAMBOU, BERTRAND F;REEL/FRAME:052934/0346 Effective date: 20200612 |
FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
STPP | Information on status: patent application and granting procedure in general | Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED |
STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
STPP | Information on status: patent application and granting procedure in general | Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
STPP | Information on status: patent application and granting procedure in general | Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
STCF | Information on status: patent grant | Free format text: PATENTED CASE |